Infinite loop vulnerability in the Wireshark DICOM dissector caused by improper validation of a length value
Description
An infinite loop vulnerability was found in the DICOM dissector in Wireshark. The issue was fixed by validating a length value in epan/dissectors/packet-dcm.c.
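The following is an added example, not code from packet-dcm.c or from the Wireshark project: a simplified model of how a length-driven parsing loop can stop making progress, and how validating the length restores termination. The record layout, all names, and the 32-bit wraparound used to trigger the condition are assumptions made for illustration.

```c
#include <stdint.h>

#define HDR_LEN  6u     /* type(1) + reserved(1) + length(4): assumed layout */
#define STEP_CAP 1000   /* stands in for "never returns" so the demo terminates */
enum { WALK_MALFORMED = -1, WALK_NO_PROGRESS = -2 };

static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}

/* Walks length-prefixed records and returns the record count or a WALK_* code.
 * validate == 0 models the unguarded loop, validate != 0 the hardened one. */
int walk_records(const uint8_t *buf, uint32_t size, int validate) {
    uint32_t offset = 0;
    int count = 0, steps = 0;

    while (offset < size) {
        if (++steps > STEP_CAP)
            return WALK_NO_PROGRESS;       /* offset stopped advancing */
        if (size - offset < HDR_LEN)
            return WALK_MALFORMED;         /* truncated header */
        uint32_t len = be32(buf + offset + 2);
        if (validate && len > size - offset - HDR_LEN)
            return WALK_MALFORMED;         /* body would run past the buffer */
        /* Without the check, 32-bit wraparound can leave offset unchanged. */
        offset += HDR_LEN + len;
        count++;
    }
    return count;
}

/* Constructed sample inputs. */
static const uint8_t good_capture[] = {
    0x04, 0x00, 0x00, 0x00, 0x00, 0x02, 0xAA, 0xBB,  /* record, 2-byte body */
    0x04, 0x00, 0x00, 0x00, 0x00, 0x00               /* record, empty body */
};
static const uint8_t bad_capture[] = {
    0x04, 0x00, 0xFF, 0xFF, 0xFF, 0xFA   /* len = 2^32 - 6, so HDR_LEN + len wraps to 0 */
};

int main(void) {
    return !(walk_records(good_capture, sizeof good_capture, 1) == 2 &&
             walk_records(bad_capture, sizeof bad_capture, 0) == WALK_NO_PROGRESS &&
             walk_records(bad_capture, sizeof bad_capture, 1) == WALK_MALFORMED);
}
```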
Affected software versions
- Wireshark versions 2.2.0 to 2.2.6
- Wireshark versions 2.0.0 to 2.0.12
Vulnerability type
Infinite loop
CVSS3: 7.5 High
CVSS2: 7.8 High